Cyber loot: Conti RaaS reaped US$180 million in 2021 from ransom payments

The prolific RaaS (Ransomware-as-a-Service) group Conti, which has been bringing governments and businesses throughout the world to their knees with their RaaS model, have made a mountain of money as high as US$ 180 million last year, says an Akamai report.

In the Akamai Ransomware Threat Report APJ Deep Dive H1 2022, Akamai analysed a recent leak of documents from Conti to understand its modus operandi and to form a profile of the attack trends, tools, and tactics that led to its success.

Read more: The Rise of RaaS: With Conti attacking Costa Rica govt vulnerability is in the limelight

Akamai also found that business services was the top victimized industry in the Asia Pacific and Japan (APJ) region and the Conti group is targeting small and medium-sized businesses (SMBs) that can pay a ransom but don’t have access to strong cybersecurity technologies.

Akamai gathered the data for this report from Conti’s publicly reported attacks on their leak site. The worrying part is that the data does not represent all of Conti’s attempted attacks.

High Business Sector Attacks Concern for Affiliated Parties

Despite the fact that businesses were the top target of Conti in the APJ region, it ranked the third-highest globally to be attacked by Conti. According to Akamai, the Conti group’s heavy slant against North American and EMEA regions is the reason for lesser frequency of attacks in the APJ region.

Still, the higher number of attacks on business services in this region can be concerning because of the risk of supply chain cyberattacks. According to the report, cybercriminals can breach a third party, such as business services companies, to gain a foothold on high-value targets.

Akamai also found that business services was the top victimized industry in the Asia Pacific and Japan (APJ) region and the Conti group is targeting small and medium-sized businesses (SMBs) that can pay a ransom but don’t have access to strong cybersecurity technologies

For example, a Taiwanese company and supplier/contractor for a high-end automobile manufacturer, and a consumer electronics company, suffered Conti attacks in 2022. Despite 1,500 servers being encrypted, the attack reportedly impacted only noncritical systems. Here, third-party companies can introduce security risks to affiliated organizations.

The APJ region also indicates a considerably higher number of critical infrastructure attacks as compared with other regions. “Attacks on these verticals could have catastrophic, real-world implications,” says the report.

For example, one of the largest electricity providers in Australia was hit by a Conti ransomware attack in 2021. Although the attack did not disrupt their services, it could easily have.

Read more: ESET Research uncovers new cyberespionage group Worok targeting companies, govts in Asia

Retail and hospitality were the second most attacked verticals in APJ. This is not surprising since the commerce industry contains troves of confidential information, such as personal identifiable information (PII) and credit card numbers, making it a lucrative target.

SMBs Beware

The report highlights that more than 40% of victimized organizations make revenue up to US$50 million. This means the Conti group is targeting small and medium-sized businesses (SMBs) that are able to pay the ransom but do not have the same resources and cybersecurity technologies as larger enterprises.